1) What is Info Sec? Flashcards

1
Q

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

A

information security

2
Q

Confidentiality, integrity, or availability?

A PIN code is required to log into an information asset.

A

Confidentiality

3
Q

Confidentiality, integrity, or availability?

Permissions are implemented to ensure access is restricted.

A

Integrity

4
Q

Confidentiality, integrity, or availability?

All systems are operational and accessible.

A

Availability

5
Q

Confidentiality, integrity, or availability?

Information is being protected by role-based access.

A

Confidentiality

6
Q

Confidentiality, integrity, or availability?

Data have not been modified from the original creation.

A

Integrity

7
Q

Ability to prevent data from being changed in an unauthorized manner.

A

Integrity

8
Q

Ability to protect data from those who are not authorized to view it.

A

Confidentiality

9
Q

Ability to access data when it is needed.

A

Availability

10
Q

Proper attribution to the owner or creator of the data.

A

Authenticity

11
Q

Physical disposition of the media on which data is stored.

A

Possession

12
Q

How useful the data is.

A

Utility

13
Q

Attack Type:

Eavesdropping on a phone.

A

Interception

14
Q

Attack Type:

DoS on a mail server.

A

Interruption

15
Q

Attack Type:

Altering a web server config file.

A

Modification

16
Q

Attack Type:

Spoofing emails.

A

Fabrication

17
Q

Something that has potential to cause harm.

A

Threat

18
Q

Weaknesses that can be used to harm us.

A

Vulnerability

19
Q

Likeliness that something bad will happen.

A

Risk

20
Q

The value of the asset is used to assess if a risk is present.

A

Impact

21
Q

Identifying and categorizing the assets we are trying to protect.

A

Identify Assets

22
Q

Begin to identify and categorize threats that could harm our assets.

A

Identify Threats

23
Q

Identify the weaknesses that exist in our assets.

A

Assess Vulnerabilities

24
Q

Assess if both a threat and a vulnerability exist.

A

Assess Risks

25
Q

Put controls in place.

A

Mitigate Risks

26
Q

What type of control should be used to mitigate the risk:

Server room access.

A

Physical

27
Q

What type of control should be used to mitigate the risk:

Work hour restrictions not set.

A

Logical

28
Q

What type of control should be used to mitigate the risk:

No acceptable use form for users.

A

Administrative

29
Q

What type of control should be used to mitigate the risk:

Unguarded building.

A

Physical

30
Q

What type of control should be used to mitigate the risk:

Password lockout not set.

A

Logical

31
Q

(T/F) Using the concept of defense in depth we can protect ourselves against someone using a USB flash drive to remove confidential data from an office space within our building.

A

True

32
Q

Protects information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

A

Information Security

33
Q

Companies that process credit card payments must comply with this set of standards.

A

PCI DSS

34
Q

Companies that process credit card payments must comply with PCI DSS. What does PCI DSS stand for?

A

Payment Card Industry Data Security Standard

35
Q

Used to keep something private or minimally known.

A

Confidentiality

36
Q

Refers to the ability to prevent our data from being changed in an unauthorized or undesirable manner.

A

Integrity

37
Q

Refers to the ability to access our data when we need it.

A

Availability

38
Q

A type of attack, primarily against confidentiality.

A

Interception

39
Q

Something that has the potential to cause harm to our assets.

A

Threat

40
Q

A weakness that can be used to harm us.

A

Vulnerability

41
Q

The likelihood that something bad will happen.

A

Risk

42
Q

An attack that causes our assets to become unusable or unavailable for our use, on a temporary or permanent basis.

A

Interruption attack

43
Q

An attack that involves tampering with our assets.

A

Modification attack

44
Q

A model that adds three more principles to the CIA triad: possession or control, utility, and authenticity.

A

Parkerian hexad

45
Q

The physical disposition of the media on which the data is stored.

A

Possession or control

46
Q

Allows for attribution as to the owner or creator of the data in question.

A

Authenticity

47
Q

Refers to how useful the data is to us.

A

Utility

48
Q

An attack that involves generating data, processes, communications, or other similar activities with a system.

A

Fabrication attack

49
Q

One of the first and most important steps of the risk management process.

A

Identify assets

50
Q

A multilayered defense that will allow us to achieve a successful defense should one or more of our defensive measures fail.

A

Defense in depth

51
Q

Based on rules, laws, policies, procedures, guidelines, and other items that are “paper” in nature.

A

Administrative controls

52
Q

Sometimes called technical controls, these protect the systems, networks, and environments that process, transmit, and store our data.

A

Logical controls

53
Q

Controls that protect the physical environment in which our systems sit, or where our data is stored.

A

Physical controls

54
Q

Involves putting measures in place to help ensure that a given type of threat is accounted for.

A

Mitigating Risk

55
Q

The risk management phase that consists of all of the activities that we can perform in advance of the incident itself, in order to better enable us to handle it.

A

Preparation phase

56
Q

The risk management phase where we detect the occurrence of an issue and decide whether it is actually an incident so that we can respond to it appropriately.

A

Detection and analysis phase

57
Q

The risk management phase where we determine specifically what happened, why it happened, and what we can do to keep it from happening again.

A

Post-incident activity phase

58
Q

To completely remove the effects of the issue from our environment.

A

Eradication

59
Q

Taking steps to ensure that the situation does not cause any more damage than it already has, or at the very least, lessen any ongoing harm.

A

Containment

60
Q

Restore to a better state.

A

Recover

61
Q

The Interception attack type most commonly affects which principle(s) of the CIA triad?

A

Confidentiality

62
Q

The Fabrication attack type most commonly affects which principle(s) of the CIA triad?

A

Integrity and Availability

63
Q

What is the first and arguably one of the most important steps of the risk management process?

A

Identify assets

64
Q

Something that has the potential to cause harm to our assets.

A

Threat

65
Q

During what phase of the incident response process do we determine what happened, why it happened, and what we can do to keep it from happening again?

A

Post-incident Activity

66
Q

Controls that protect the systems, networks, and environments that process, transmit, and store our data.

A

Logical controls